cucumber / vscode

Official Visual Studio Code Extension for Cucumber
MIT License

Migrate from deprecated VSCode dependencies #161

Closed nodeg closed 9 months ago

nodeg commented 1 year ago

🤔 What's changed?

2 dependencies in package.json and one in package-lock.json

⚡️ What's your motivation?

Get rid of:

$ npm install
npm WARN deprecated @npmcli/move-file@2.0.1: This functionality has been moved to @npmcli/fs
npm WARN deprecated vscode-test@1.6.1: This package has been renamed to @vscode/test-electron, please update to the new name
npm WARN deprecated vsce@2.15.0: vsce has been renamed to @vscode/vsce. Install using @vscode/vsce instead.
(...)

3 vulnerabilities (2 moderate, 1 high)

(...)
npm install  102.44s user 15.54s system 93% cpu 2:06.42 total

$ npm audit
# npm audit report

json5  <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/tsconfig-paths/node_modules/json5

1 high severity vulnerability

🏷️ What kind of change is this?

♻️ Anything particular you want feedback on?

I ran the updated test and a build afterwards with success:

$ npm run test

> cucumber-official@1.7.0 pretest
> npm run compile

> cucumber-official@1.7.0 compile
> tsc --build

> cucumber-official@1.7.0 test
> node ./dist/src/test/runTest.js

Found existing install in /Users/dom/git/vscode/.vscode-test/vscode-darwin-1.78.0. Skipping download
[main 2023-05-05T15:29:29.445Z] update#ctor - updates are disabled by the environment
Via 'product.json#extensionEnabledApiProposals' extension 'ms-vscode.vscode-selfhost-test-provider' wants API proposal 'testContinuousRun' but that proposal DOES NOT EXIST. Likely, the proposal has been finalized (check 'vscode.d.ts') or was abandoned.
2023-05-05 17:29:30.458 Code Helper (Renderer)[97671:1054968] CoreText note: Client requested name ".NewYork-Regular", it will get TimesNewRomanPSMT rather than the intended font. All system UI font access should be through proper APIs such as CTFontCreateUIFontForLanguage() or +[NSFont systemFontOfSize:].
2023-05-05 17:29:30.458 Code Helper (Renderer)[97671:1054968] CoreText note: Set a breakpoint on CTFontLogSystemFontNameRequest to debug.
Loading development extension at /Users/dom/git/vscode/dist
Bad control character in string literal in JSON at position 2

  Extension Test Suite
    ✔ Sample test
  1 passing (3ms)
[main 2023-05-05T15:29:32.063Z] Extension host with pid 97702 exited with code: 0, signal: unknown.
Exit code:   0
Done

npm run test  10.38s user 2.67s system 155% cpu 8.379 total

$ npm run build

> cucumber-official@1.7.0 build
> npm run esbuild-extension

> cucumber-official@1.7.0 esbuild-extension
> esbuild ./src/extension.ts --external:vscode --bundle --outfile=out/extension.js --format=cjs --platform=node --minify --sourcemap

  out/extension.js      996.3kb
  out/extension.js.map    3.3mb

⚡ Done in 235ms

📋 Checklist:



kieran-ryan commented 9 months ago

Hi @nodeg, thank you very much for your contribution; apologies there has been no review on your pull request.

The warnings and vulnerabilities you observed appear to no longer be present - the Renovate configuration for the Cucumber organisation appears to be doing a good job of keeping dependencies up to date.

Would you perhaps be able to clone the repository and verify if the pull request can be closed? Otherwise we can examine whether we can update and get it merged.

nodeg commented 9 months ago

I did some more testing with the most recent changes from the main branch and still see some of the issues:

$ npm install
npm WARN deprecated vscode-test@1.6.1: This package has been renamed to @vscode/test-electron, please update to the new name
npm WARN deprecated vsce@2.15.0: vsce has been renamed to @vscode/vsce. Install using @vscode/vsce instead.

> cucumber-official@1.8.0 prepare
> npm run copy-wasms

> cucumber-official@1.8.0 copy-wasms
> mkdir -p out && cp node_modules/@cucumber/language-service/dist/*.wasm out

added 753 packages, and audited 754 packages in 47s

200 packages are looking for funding
  run `npm fund` for details

2 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.
$ npm audit
# npm audit report

xml2js  <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix --force`
Will install vsce@1.97.0, which is a breaking change
node_modules/xml2js
  vsce  >=1.98.0-alpha.0
  Depends on vulnerable versions of xml2js
  node_modules/vsce

2 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

After applying my changes, the issues are gone:

$ npm install

> cucumber-official@1.8.0 prepare
> npm run copy-wasms

> cucumber-official@1.8.0 copy-wasms
> mkdir -p out && cp node_modules/@cucumber/language-service/dist/*.wasm out

added 740 packages, and audited 741 packages in 53s

200 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities
$ npm run test

> cucumber-official@1.8.0 pretest
> npm run compile

> cucumber-official@1.8.0 compile
> tsc --build

> cucumber-official@1.8.0 test
> node ./dist/src/test/runTest.js

Downloading VS Code 1.85.1 from https://update.code.visualstudio.com/1.85.1/darwin/stable
Downloading VS Code [==============================] 100%
Downloaded VS Code into /Users/dom/git/vscode/.vscode-test/vscode-darwin-1.85.1

Downloaded VS Code into /Users/dom/git/vscode/.vscode-test/vscode-darwin-1.85.1
2023-12-20 14:30:19.263 Electron[94335:1720694] WARNING: Secure coding is not enabled for restorable state! Enable secure coding by implementing NSApplicationDelegate.applicationSupportsSecureRestorableState: and returning YES.
[main 2023-12-20T13:30:20.199Z] update#setState disabled
[main 2023-12-20T13:30:20.201Z] update#ctor - updates are disabled by the environment
Via 'product.json#extensionEnabledApiProposals' extension 'ms-python.python' wants API proposal 'registerIssueDataProvider' but that proposal DOES NOT EXIST. Likely, the proposal has been finalized (check 'vscode.d.ts') or was abandoned.
2023-12-20 14:30:22.264 Code Helper (Renderer)[94342:1720943] CoreText note: Client requested name ".NewYork-Regular", it will get TimesNewRomanPSMT rather than the intended font. All system UI font access should be through proper APIs such as CTFontCreateUIFontForLanguage() or +[NSFont systemFontOfSize:].
2023-12-20 14:30:22.264 Code Helper (Renderer)[94342:1720943] CoreText note: Set a breakpoint on CTFontLogSystemFontNameRequest to debug.
Started local extension host with pid 94354.
Loading development extension at /Users/dom/git/vscode/dist

  Extension Test Suite
    ✔ Sample test
  1 passing (5ms)
[main 2023-12-20T13:30:24.525Z] Extension host with pid 94354 exited with code: 0, signal: unknown.
Exit code:   0
Done

I did rebase and update my PR.
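
An added example, not part of the pull request or the Cucumber project's code: it cross-references the deprecation warnings with the `npm audit` report quoted in this thread, so that an advisory whose only offered fix is a forced, breaking install (here `vsce@1.97.0`) is routed to the package rename instead. The function names and the text-parsing approach are assumptions; the sample lines are copied from the output above.

```javascript
// Constructed input: lines copied from the npm output quoted in this thread.
const INSTALL_LOG = [
  'npm WARN deprecated vscode-test@1.6.1: This package has been renamed to @vscode/test-electron, please update to the new name',
  'npm WARN deprecated vsce@2.15.0: vsce has been renamed to @vscode/vsce. Install using @vscode/vsce instead.',
  'npm WARN deprecated @npmcli/move-file@2.0.1: This functionality has been moved to @npmcli/fs',
].join('\n');
const AUDIT_REPORT = [
  'xml2js  <0.5.0',
  'Severity: moderate',
  'xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc',
  'fix available via `npm audit fix --force`',
  'Will install vsce@1.97.0, which is a breaking change',
  'node_modules/xml2js',
  '  vsce  >=1.98.0-alpha.0',
].join('\n');

// Map deprecated package name -> new name, using "renamed to <name>" warnings only.
function parseRenames(log) {
  const renames = new Map();
  for (const line of log.split('\n')) {
    const m = /^npm WARN deprecated (\S+)@[^\s:]+: (.*)$/.exec(line);
    const to = m && /renamed to ((?:@[\w.-]+\/)?[\w.-]+)/.exec(m[2]);
    if (to) renames.set(m[1], to[1].replace(/[.,]+$/, ''));
  }
  return renames;
}

// Collect advisories whose offered fix is a forced, breaking install.
function parseForcedFixes(report) {
  const fixes = [];
  let advisory = null;
  for (const line of report.split('\n')) {
    const head = /^([@\w./-]+)\s{2,}\S/.exec(line); // unindented "name  range" line
    if (head) advisory = head[1];
    const inst = /^Will install (\S+)@([^\s,]+), which is a breaking change/.exec(line);
    if (inst && advisory) fixes.push({ advisory, pkg: inst[1], version: inst[2] });
  }
  return fixes;
}

// Prefer migrating to the renamed package over accepting the forced install.
function triage(log, report) {
  const renames = parseRenames(log);
  return parseForcedFixes(report).map((f) => ({
    ...f,
    action: renames.has(f.pkg) ? `migrate ${f.pkg} -> ${renames.get(f.pkg)}` : 'review forced fix manually',
  }));
}
console.log(triage(INSTALL_LOG, AUDIT_REPORT));
```
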

aslakhellesoy commented 9 months ago

Hi @nodeg,

Thanks for making your first contribution to Cucumber, and welcome to the Cucumber committers team! You can now push directly to this repo and all other repos under the cucumber organization! 🍾

In return for this generous offer we hope you will:

On behalf of the Cucumber core team,
Aslak Hellesøy
Creator of Cucumber